Search found 22 matches

by robert.hollis
Fri Mar 08, 2013 10:13 am
Forum: Secutor Prime Support
Topic: Registry key not remediated
Replies: 1
Views: 4684

Re: Registry key not remediated

With some investigation, we found that the remediation content for this item needed an adjustment. This adjustment has been staged for delivery in our next release.

Thank you for calling this to our attention.
by robert.hollis
Tue Jul 12, 2011 6:27 am
Forum: Secutor Prime Support
Topic: MAC OS X
Replies: 1
Views: 5353

Secutor Prime can be used to scan Unix targets using SecureShell. This capability extends to Mac OS X. However, the community is still working on content to support this platform. One of the complications is lack of guidance from Apple to MITRE on how the plist_test is supposed to be constructed and...
by robert.hollis
Thu Mar 17, 2011 8:19 pm
Forum: Secutor Prime Support
Topic: Unable to remediate after assessment on Windows 7 64 bit
Replies: 5
Views: 9103

Hello, To clarify, when you say the application has not given you the Fix option, is this saying that the "Run Now" button is disabled in Fix mode? Or, are you able to depress the button with none of the ensuing remediation actions being successful? Also, when you load the benchmarks, is t...
by robert.hollis
Tue Feb 15, 2011 5:35 pm
Forum: Secutor Prime Support
Topic: Deviation file with no content, no deviations shown
Replies: 4
Views: 11563

Hi Tom, Thanks a bundle for your input. Older versions of the Deviation Manager (much older, like before August 2008), the Deviation file did not contain the driving XCCDF Rule that drove the deviation. This is not needed for functionality, but was extremely helpful to the end user in reporting. The...
by robert.hollis
Tue Feb 08, 2011 4:43 pm
Forum: Secutor Prime Support
Topic: Reference Check with Customized Profile
Replies: 1
Views: 5423

Required Edits in Customizing Benchmarks

Hello Mr. Hale, The SCAP benchmark files are tied together (in some cases) by filename. So, if you change the filename of the XCCDF file, you also need to change some other filenames too. Per SP 800-126, all the files are supposed to have similar filenames, like so... • xxxxx-xccdf.xml • xxxxx-o...
by robert.hollis
Wed May 05, 2010 5:17 pm
Forum: Secutor Prime Support
Topic: Need Help Customizing an FDCC oval definition
Replies: 1
Views: 7398

Good evening Mr. Hartig, If you are permitted to disclose your content, it would be much easier to walk through this with the full content. Our test bench includes tools to help us better identify content problems as well as source code problems. In these investigations, we consider both possibiliti...
by robert.hollis
Mon May 03, 2010 2:55 am
Forum: Secutor Prime Support
Topic: Manipulating Profile Variables for Customization
Replies: 1
Views: 5707

Hello Mr. Hale, Please accept my apologies for the delayed response. In SCAP, variables are typically defined in the XCCDF file. In particular, a profile will specify a "refine-value" like this... <refine> The variable is declared like this... <Value> <title>Minimum Password Length</title>...
by robert.hollis
Sun Aug 09, 2009 4:23 am
Forum: Secutor Prime Support
Topic: New User with some Questions
Replies: 2
Views: 7944

Hi Sean, We've gone back and rerun several tests against the April 8 XP VHD. We're finding that the image scores 100% on the compliance items. There are failures in the patch checks, but this is to be expected. The first failed patch is MS09-010 which is from the first Patch Tuesday following the re...
by robert.hollis
Thu Feb 26, 2009 12:01 pm
Forum: Secutor Prime Support
Topic: SecutorPrimePro scans for Linux
Replies: 1
Views: 6677

Hello, This issue has been fixed for Secutor Prime Release 3. R3 is currently in the validation process, but some general issues with the validation program are delaying the process. R3 has been at the lab and ready for validation since January, but the testing has not yet begun. We had hoped to res...
by robert.hollis
Tue Aug 19, 2008 8:20 pm
Forum: Secutor Magnus Support
Topic: XP Firewall benchmark
Replies: 7
Views: 13961

Hello from the development team, and thank you for your input. The XP Firewall content prior to the latest SCAP release, explicitly and solely indicated applicability to XP,SP2. The issue of excluding SP3 has been fixed in the "v1.0" version of the content. Your input has highlighted our n...
by robert.hollis
Thu Jun 26, 2008 11:00 am
Forum: Secutor Prime Support
Topic: FDCC SCAP update
Replies: 3
Views: 9805

I just received word back from NIST. Yes, this setting should be removed from the content. There are some other items (such as SID Name Translation) that also need to be addressed. However, for now there is no proposed date for fixing this item. In Secutor Prime, you can declare it as a deviation to...
by robert.hollis
Thu Jun 26, 2008 8:55 am
Forum: Secutor Prime Support
Topic: FDCC SCAP update
Replies: 3
Views: 9805

Re: Define Port Exceptions

Digging through the content a bit and the spreadsheet, I have more questions than answers at this time.

The content does indeed still check for this setting, and expects it to be set to "Enabled". I'll have to check with NIST to see if this is an oversight, or intended.

-rob
by robert.hollis
Mon Jun 16, 2008 5:03 am
Forum: Secutor Prime Support
Topic: Latest FDCC SCAP patches
Replies: 1
Views: 7598

The patch content files were generated with definition IDs that collide with the compliance content. This is a major OVAL no no. The FDCC team at NIST was notified this morning. I don't know if corrective action will be to fix the IDs, or to remove the link. A new version of the content will be rele...
by robert.hollis
Wed May 21, 2008 8:39 am
Forum: Secutor Magnus Support
Topic: "Different" 800-53 group results
Replies: 1
Views: 6134

800-53 Group Results

Hello 'JP', and thank you for your question. 0 pass, 0 fail means all rules of that group had 'unknown' results. Unknown can happen for a couple different reasons. In one case, there may be no underlying OVAL definition in the SCAP data stream to support the check. The Secutor Prime UI will display ...
by robert.hollis
Wed Feb 20, 2008 9:41 pm
Forum: Secutor Prime Support
Topic: SCAP Patch Content for MS07-052
Replies: 3
Views: 9207

Re: MS07-052

There are times when the vulnerability is deemed to be in the dll, even though the bulletin references a specific application. Without full insight into the Microsoft coding, some of this is guess work... backed up by testing against MBSA results. Supposedly, Microsoft will be stepping up to provide...

Go to advanced search